ietf-dkim

RE: [ietf-dkim] The DKIM WG is within security?

2007-01-27 14:53:15
+1


-----Original Message-----
From: Douglas Otis [mailto:dotis(_at_)mail-abuse(_dot_)org]
Sent: Fri 1/26/2007 8:14 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: dotis(_at_)mail-abuse(_dot_)org; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: RE: [ietf-dkim] The DKIM WG is within security?
 


G) Annotation?

Annotation should take place at the MUA or entity with access to the
address book or signatures should not be annotated. Without the effort
joined by MUA and web client (browser extensions) vendors, DKIM is not
likely to increase phishing catch rates.

Your statement is less emphatic and better.  Perhaps why could be included
however.

How about:

Annotation applied at the MTA will likely invalidate signatures and
prevent more accurate annotations from being applied by end user
applications.  Applying annotations should require valid signatures that
are signed on behalf of a _trusted_ entity.

Determination of trust is more accurately accomplished by the end user. 
The basis of end user assessments will likely rely upon out-of-band
methods not available to the MTA.  These lists might be represented by the
recipient's address book, for example.  Without the effort joined by MUA
and web client (browser extensions) vendors, DKIM is not likely to
increase phishing catch rates.

-Doug





_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
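
An added example, not part of the original thread: a Python sketch of the two points in the quoted message, that an MTA modifying a message in transit breaks the DKIM body hash (bh=, relaxed body canonicalization), and that the trust decision fits at the MUA, which holds the address book. The message bodies, banner text, addresses and the `mua_annotation` policy are constructed for illustration; only the body-hash step of verification is modeled, not the signature check itself.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """DKIM 'relaxed' body canonicalization: collapse runs of whitespace,
    strip trailing whitespace per line, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonical body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def body_hash_matches(received_body: bytes, bh_tag: str) -> bool:
    """Body-hash step only; a real verifier also checks the signature itself."""
    return body_hash(received_body) == bh_tag

def mua_annotation(signature_valid: bool, signing_domain: str, address_book: set) -> str:
    """Hypothetical MUA policy: annotate only valid signatures whose signing
    domain (d=) belongs to a contact the user already trusts."""
    trusted_domains = {addr.rsplit("@", 1)[1].lower() for addr in address_book}
    if signature_valid and signing_domain.lower() in trusted_domains:
        return "known sender"
    return "no annotation"

# Constructed sample data (not from the thread).
SIGNED_BODY = b"Your statement is ready.\r\nRegards, Example Bank\r\n"
BH_TAG = body_hash(SIGNED_BODY)  # computed by the signer
ADDRESS_BOOK = {"alerts@bank.example", "friend@mail.example"}

# Path 1: relayed with only whitespace changes, which 'relaxed' tolerates.
RELAYED = b"Your  statement is ready. \r\nRegards, Example Bank\r\n\r\n"
# Path 2: the MTA prepends its own annotation banner to the body.
MTA_ANNOTATED = b"[MTA: sender verified]\r\n" + SIGNED_BODY

def deliver(received_body: bytes, signing_domain: str) -> str:
    """What the end user's MUA shows for a message as received."""
    valid = body_hash_matches(received_body, BH_TAG)
    return mua_annotation(valid, signing_domain, ADDRESS_BOOK)

if __name__ == "__main__":
    print(deliver(RELAYED, "bank.example"))        # known sender
    print(deliver(MTA_ANNOTATED, "bank.example"))  # no annotation
    print(deliver(RELAYED, "phish.example"))       # no annotation
```

The third case is a message whose signature checks out but whose signing domain is not in the address book, so validity alone earns no annotation.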